Register Login

sloganpng

top title background image

shedfam.exe

Status: finished

Submission Time: 2022-11-29 15:11:10 +01:00

Malicious

Trojan

Evader

FormBook

Comments

Tags

Details

Analysis ID:
756041
API (Web) ID:
1123317
Analysis Started:

2022-11-29 15:11:10 +01:00
Analysis Finished:

2022-11-29 15:21:15 +01:00
MD5:
c0a85d86855b257b25572aa7d9d90381
SHA1:
ea5ce824d225c0df297586a2c6621aea5ab8584b
SHA256:
c9cf9f0fa6980019aa3a93b9b25ca2cf14cfad4b4afef12d43a20ece34d2093b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
18.167.242.213	United States
103.100.63.146	China

Domains

Name	IP	Detection
fbcuj92a.n.sktcks.com	18.167.242.213
www.73129.vip	103.100.63.146
www.111lll.xyz	0.0.0.0
Click to see the 1 hidden entries
www.autonomaat.com	54.67.42.145

URLs

Name	Detection
http://www.111lll.xyz/sk19/?6lu=u4lk2PnXcU0u2VBKyLJoTfxxVYVxHm+9jz8FSZNawyXEtvRDPmLLRjoruE33sVgH1sLP&u4=pVhTtd7pjTy
www.justbeand.com/sk19/
http://www.73129.vip/sk19/?6lu=QEAmWZfTRhzoING4/pUtXBuIHlMFTiZNz3G0bLc7Fgt63bTZUMXUq+W3t0nrgTJvEVvm&u4=pVhTtd7pjTy
Click to see the 5 hidden entries
http://www.autoitscript.com/autoit3/J
http://nsis.sf.net/NSIS_Error
http://nsis.sf.net/NSIS_ErrorError
http://gcsahrz23.xyz/
https://www.autoitscript.com/autoit3/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\kmhbvf.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\hocjhpxqy.mm	ASCII text, with very long lines (65536), with no line terminators	#
C:\Users\user\AppData\Local\Temp\nse13E9.tmp	data	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\piqsiyngg.yfg	data	#
C:\Users\user\AppData\Local\Temp\wenvaisrl.au3	ASCII text, with very long lines (1182), with CRLF line terminators	#